Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-39296
HistoryJan 05, 2024 - 5:15 p.m.

CVE-2023-39296

2024-01-0517:15:09
CWE-1321
[email protected]
web.nvd.nist.gov
19
cve-2023-39296
qnap
operating system
vulnerability
prototype pollution
attribute override
network crash

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.4 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later

Affected configurations

NVD
Node
qnapqtsMatch5.1.0.2348build_20230325
OR
qnapqtsMatch5.1.0.2399build_20230515
OR
qnapqtsMatch5.1.0.2418build_20230603
OR
qnapqtsMatch5.1.0.2444build_20230629
OR
qnapqtsMatch5.1.0.2466build_20230721
OR
qnapqtsMatch5.1.1.2491build_20230815
OR
qnapqtsMatch5.1.2.2533build_20230926
Node
qnapquts_heroMatchh5.1.0.2409build_20230525
OR
qnapquts_heroMatchh5.1.0.2424build_20230609
OR
qnapquts_heroMatchh5.1.0.2453build_20230708
OR
qnapquts_heroMatchh5.1.0.2466build_20230721
OR
qnapquts_heroMatchh5.1.1.2488build_20230812
OR
qnapquts_heroMatchh5.1.2.2534build_20230927

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.1.3.2578 build 20231110",
        "status": "affected",
        "version": "5.1.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h5.1.3.2578 build 20231110",
        "status": "affected",
        "version": "h5.1.x",
        "versionType": "custom"
      }
    ]
  }
]

Related

nessus 1
prion 1
cvelist 1
nvd 1
openvas 2
thn 1
nessus
nessus
QNAP QTS / QuTS hero Vulnerability in QTS and QuTS hero (QSA-23-64)
2024-01-08 00:00:00
prion
prion
Code injection
2024-01-05 17:15:00
cvelist
cvelist
CVE-2023-39296 QTS, QuTS hero
2024-01-05 16:19:20
nvd
nvd
CVE-2023-39296
2024-01-05 17:15:09
openvas
openvas
QNAP QTS Multiple Vulnerabilities (QSA-23-22, QSA-23-54, QSA-23-64)
2024-01-09 00:00:00
QNAP QuTS hero Multiple Vulnerabilities (QSA-23-22, QSA-23-54, QSA-23-64)
2024-01-09 00:00:00
thn
thn
Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager
2024-01-09 09:52:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.4 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON
Related for CVE-2023-39296
nessus1prion1cvelist1nvd1openvas2thn1